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United Slates Department of State 
Jf^shington, D.C. 20520 
August 14, 1985 


CONPIDEMTIAL 


MEMORANDUM FOR: Vice Admiral E. A. Burkhalter, Jr. 

Director 

Intelligence Community Staff 

SUBJECT : Request for Support to Correct IHS System 

Vulnerabilities 

This memorandum is in response to the IC Staff COMPUSEC 
study recommendations with regard to the State INR/IHS system. 
The Department is prepared to make the necessary upgrades and 
modifications to disconnect the IHS System from the IBM 3038 in 
order to comply with the COMPUSEC study recommendations. Our 
working plan was submitted to the IC Staff in May 1985 and 
reviewed favorably by technical consultants. The Department 
will make every effort to make the disconnect by April, 1986. 

The basic approach to satisfying these requirements will 
include the following steps: 

1) Replicate those functions of the IHS currently executed 
on the IBM hardware with no loss of capability for the 
users . 

2) Utilize Department of State software contracts to 
support the work. 

3) Purchase necessary hardware to implement required 
security plan. 

4) Perform all development work on site in the IHS SCIP. 

5) The Information Systems Office will provide techincal 
support. Information Systems Security Office will 
provide guidance and INR will provide managerial 
control over the project. There will be continued 
liaison with the IC Staff. 

The Department of State approach has been approved by the 
COMPUSEC team and is now being reviewed by a contractor to 
develop a detailed workplan and schedule of events. The ISO 
funded contractor is working with both INR and ISO. INR will 
provide continued maintenance once the system has been accepted 
by the Department as being fully operational. 
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CONFIDEMTIAL 
- 2 - 

Software revision activities will be covered by Department 
of State in-house funding including use of existing contractor 
services. However, new hardware and software related to that 
equipment will require funding beyond our present scope. 
Funding has been estimated at $250,000 for upgrading central 
processors and major peripheral 
identifying resources in order 


Secretary 

Bureau of Intelligence and Research 
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January 18, 1985 


SECRET 


MEMORANDUM FOR: 


Director, dci's computer Security (COMPUSEC) 
Project 


SUBJECT: Pinal Report of the COMPUSEC Assessment of the 

State INR Automated Information System 


I have reviewed the final report of the COMPUSEC assessment 
of the INR automated Information Handling System (IHS) and 
welcome the suggestions to improve its security. 

I have endorsed this project since its inception, and as 
you will recall, enthusiastically volunteered the IHS to be 
surveyed* Many of the recommendations in your report were 
raised initially by State personnel during discussions with 
your staff. The Department has been aware of some of the 
security shortcomings but lacked the resources to take 
corrective action. For example, we early-on recognized the 
need for the software programs to ensure compartmentation and 
our efforts over the past year in this area are nearing 
completion . 

In compliance with your recommendation to disconnect the 
PDP 11/70 from the IBM 3083, my staff, in conjunction with ISO, 
has compiled an estimate of resources needed to upgrade the INR 
system so that the disconnect can be accomplished. In 
addition, we also have an estimate of resources needed to 
divert selected classes of data from the IHS so that the 
planned IHS/COINS connection can take place. 

Another basic finding contained in the report is that the 
existing system lacks current security accreditation as 
required by DCID 1/16. INR has been working since last year 
with the Department's Information Systems Security Office to 
achieve proper accreditation for the INR/IHS. This project is 
ongoing and its results will be reported to you. 

I am counting on your assistance and support in identifying 
funds needed to implement these modifications. The point of 
contact in INR for this effort is Eileen Vanderburgh, 632-2555. 



Hugh Montg 
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Department of State 


FRCH: 


SUBJECl: 


Director. DCl's Computer Security (COMPUSEC) Project 

Final Report of COMPUSEC Assessment of the 
INR Automated Information System 
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1 Attached are three copies of the DCl-sponsoreo Comput^ Security 

/roMPiWcl Project learn* s assessment of the security of the INR ai^OTateo 
(COMPUSEC) Proje« leam includes the DCl Directives 

t. identified In Appendix IH. 

7 A< vou recall, the COMPUSEC Project Team, under the o^^ertion of i 
^ irfomed an initial assessment of your system in November 198 j ana 

♦hdhn hpoi n*! rore refined and detailed security analysis of the system in 
then began a morc^^ assessment were sent to appropriate 

* 11 ? Serswnel^and to Peter Kurtz, the systems programmer for the INR system. — ^ 

l^dhH on their concerns with some of the findings in our report. | 1 

!jrf hirC 0 MPUSEC Project Team modified earlier drafts and brought in highly 
and his C ^ experts who explained our concerns to your 

JSl^stStitiJes. They were Dr. Lara Baker, Los Alam os National Lab (LANL) and 
Mr. H. 0. Lubbes, Naval Electronics Coninand.| 
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WARNING NGTia 
INTELLIGENCE SOURCES 
OR METHODS INVOLVED 
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fi Your oarticipatlon and support in the COhPUSEC effort has been 
appreciated. I consider this report to be under vour control. It -ill 

. wrrnr- JIDOrOVal. 1 dllO 


to l^fng t hroush 


will be happy 


-d* by th. CWUSEC Pr.j«t !«»». 


Attachment; a/s 


Distribution: 

Orig - Adse (w/atts) r . , .. » 

2 - INR/OIS (Mrs. Eileen Vanderburgh) (w/o/appendices) 
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